﻿<cfscript>
/** 
* Security Frameworks - accessFilter
* 
* @extends "MachII.framework.EventFilter"
* 
* @displayname "acadmicManager.filters.security.accessFilter" 
* @hint "Security Frameworks - accessFilter" 
* 
* @Output false
* 
* @depends "sessionAdvice"
*/ 

component {
	
	/*
	* @hint "Configures this filter as part of the Mach-II framework" 
	*/
	public void function configure() output=false {} 
	
	/*
	* @hint "Filters event and returns a boolean to Mach-II indicating whether or not the event queue should proceed.  If not, the event queue is cleared and a new event is announced."
	* 
	* @event "MachII Event Object"
	* @eventContext "MachII EventContext Object"
	*/
	public boolean function filterEvent ( required MachII.framework.Event event, required MachII.framework.EventContext eventContext ) output=false {
		
		/* 第一步 CRSF 检测 */
		if ( findNoCase(CGI.HTTP_HOST, CGI.HTTP_REFERER) ) { 
		
			var sessionAdvice = getsessionAdvice();
		
			/* 第二步 首先检查内部的认证信息是否存在 */
			if ( sessionAdvice.isUserAuthorized() ) {
				/* 如果本地 session 已经存在的话 */
				if ( sessionAdvice.isUserInAnyAuthorizedGroups( getParameter("authorizedGroup") ) ) {
					/* 验证用户是否归属于限定的用户组 */
					return true;
				}
			}
		
		}

		return false;
	}
	
}
</cfscript>